
Massive Phishing Campaign Bypasses Multi-Factor Authentication, Hits 35,000 Users

Over 35,000 users hit by phishing using fake emails to hijack sessions and bypass MFA. Learn how to protect your organization today.
Content Team

A sophisticated phishing attack targeted over 35,000 users across 13,000 organizations between April 14 and 16, 2026, using fake "code of conduct" emails to steal credentials. The attackers used adversary-in-the-middle (AiTM) techniques to bypass multi-factor authentication by hijacking active login sessions in real time.

The campaign primarily hit the United States (92% of victims) and targeted healthcare, financial services, and technology sectors. Victims received professional-looking emails claiming conduct violations, with PDF attachments leading to fake Microsoft login pages. The attackers positioned themselves between users and legitimate Microsoft services, capturing authentication tokens that provided direct account access without passwords.

Microsoft Defender Research tracked the campaign, noting its use of legitimate email services and polished HTML templates that made detection difficult. Organizations should enable phishing-resistant MFA methods like FIDO keys and implement comprehensive email security measures.
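
As an added illustration (not part of the original article and not Microsoft's tooling), the following Python sketch flags the session-hijacking pattern described above: a session identifier that reappears from a different IP address shortly after the original sign-in. The record schema, field names, sample data and the 30-minute window are all assumptions constructed for this example.

```python
from datetime import datetime, timedelta

# Constructed sign-in records using a hypothetical schema (not a real log format).
# "auth" is how the session was first established; later rows reuse the token.
SIGNINS = [
    {"ts": "2026-04-14T09:00:05", "user": "alice@example.com", "session": "s-1001",
     "ip": "198.51.100.20", "agent": "Edge/Windows", "auth": "password+push"},
    {"ts": "2026-04-14T09:03:40", "user": "alice@example.com", "session": "s-1001",
     "ip": "203.0.113.77", "agent": "Chrome/Linux", "auth": "token"},
    {"ts": "2026-04-14T10:15:00", "user": "bob@example.com", "session": "s-2002",
     "ip": "198.51.100.31", "agent": "Safari/macOS", "auth": "fido2"},
    {"ts": "2026-04-14T10:45:00", "user": "bob@example.com", "session": "s-2002",
     "ip": "198.51.100.31", "agent": "Safari/macOS", "auth": "token"},
    {"ts": "2026-04-15T08:00:00", "user": "carol@example.com", "session": "s-3003",
     "ip": "192.0.2.10", "agent": "Edge/Windows", "auth": "password+sms"},
    {"ts": "2026-04-15T16:30:00", "user": "carol@example.com", "session": "s-3003",
     "ip": "192.0.2.99", "agent": "Edge/Windows", "auth": "token"},
]


def find_replayed_sessions(records, window=timedelta(minutes=30)):
    """Return alerts for sessions reused from a new IP within `window` of sign-in."""
    origin = {}    # session id -> first record seen for that session
    seen = set()   # (session, ip) pairs already alerted on
    alerts = []
    for rec in sorted(records, key=lambda r: r["ts"]):
        first = origin.setdefault(rec["session"], rec)
        if first is rec:
            continue  # this row established the session; nothing to compare yet
        gap = datetime.fromisoformat(rec["ts"]) - datetime.fromisoformat(first["ts"])
        key = (rec["session"], rec["ip"])
        if rec["ip"] != first["ip"] and gap <= window and key not in seen:
            seen.add(key)
            alerts.append({
                "user": rec["user"],
                "session": rec["session"],
                "origin_ip": first["ip"],
                "new_ip": rec["ip"],
                "agent_changed": rec["agent"] != first["agent"],
                "origin_auth": first["auth"],
                "gap_seconds": int(gap.total_seconds()),
            })
    return alerts


if __name__ == "__main__":
    for alert in find_replayed_sessions(SIGNINS):
        print(alert)
```

The short window keeps ordinary roaming (the constructed `carol` rows, hours apart) from alerting; widening it trades fewer misses for more noise.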

Source: Cybersecurity News
